Archive

Or rather “Tweets like Bullets”… I must confess I was uncertain about the title of this post. In the end the one I chose, although absurd at first sight, better describes the role that mobile technologies (the so-called Mobile Warfare) are playing in the dramatic events in Syria. Only a few months ago it would have been absurd even to think of fighting a tank with a mobile phone; today, looking at what is happening in the Middle East (and at what has happened in the Maghreb), it is an image that is no longer so far from reality, and it perfectly describes in a few words, much better than any post, the way in which the battles for human rights are being fought in the Web 2.0 (or War 2.0) world…

The title of the post came to my mind after viewing this post, which well summarizes the way revolutions are being fought.

(Thanks to Josh Levy for reporting the tweet in this post.) The above tweet follows the line of the one I mentioned yesterday:

Both of them (together with other tweets of the same shape that appeared today) dramatically witness, once again more than any post, how deeply Mobile Warfare is at work in Syria.

Mobile Warfare shows, once more, that modern wars are fought in real and virtual battlefields at the same time, and if one considers mobile phones as a new kind of weapon (and social networks as the medium to propagate PsyOps), one finds for these new weapons the same patterns used for real weapons. What happens in real battlefields? Foreign governments interested in changing the tide of the battle allocate funding for the revolutions; in virtual battlefields foreign governments spend millions to facilitate the use of Internet technologies by activists (as I reported yesterday). In real battlefields the countries close to the war zone are used to deliver weapons to one of the fighting parties; in virtual battlefields the neighbouring countries are used to smuggle “War 2.0” weapons such as satellite phones, cameras and laptops. And while in real battlefields corps of engineers build lines of communication, in virtual battlefields corps of (network and security) engineers build lines of mobile communication: this happened in Libya with the backing of Egypt, and it is happening in Syria with the backing of Jordan, which today boosted the strength of its mobile network to offset yesterday's cut-off, performed by the Government to prevent mobile communications in the Daraa Governorate.

Before the protests started, France Telecom, Turkcell and Etisalat were all in the running to bid for the licence. But at the end of March Etisalat withdrew its offer, with France Telecom and Turkcell both removing their bids at the beginning of April.

Etisalat is the UAE telco which took part in the hack of Colonel Gaddafi's Libyana operator, providing the satellite feed that allowed Free Libyana calls to be routed. Mobile Warfare always shows the same patterns, regardless of the country in which it acts.

One last consideration: on top of these thoughts (and these tweets) I could not help thinking about the opposite role that mobile technologies and social networks play in different regions of the world. While they contribute to maintaining stability (and maturity) in mature countries (even if excessive usage, most of all by younger generations, tends to make people dependent and immature), they are playing a crucial role in enhancing the level of freedom and awareness in unstable countries. This is what I called The Thin Red Line, which marks the political and social impact of the new technologies on our constantly moving World.


It was exactly a month ago that, commenting on Mobile Warfare in Syria, I predicted a possible peak in the protests for the middle of April. Unfortunately I was a good (actually, quite easy) prophet, even if my prediction was not completely correct, since we are now in the second half of the month. The wave is moving and in the last few days the situation has worsened: protests are rising and since “Black Friday”, the day in which the protests reached their peak, sources report nearly 300 victims in the wave of violence which shook the Country.

As usual I am watching with interest the roles that mobile technologies and social networks are playing, and I notice the same patterns which characterized the revolutions of this beginning of 2011: social networks used to witness the events, ordinary people becoming improvised reporters armed only with their mobile devices (weapons), and governments desperately trying to stop the streams of bits from the hot zones with coarse attempts.

Consequently it is not surprising that many tweets are reporting (together with the dramatic news of new military repression) the cut-off of Internet, mobile phones and landlines in Nawa (Governorate of Daraa).

Nevertheless, Syrian citizens keep on witnessing what is happening, and their tweets and updates are shaking the web (and the world): they show the importance and power of Mobile Warfare, and the weapons citizens are using are well summarized by this tweet, which encloses the essence of mobile warfare:

The shots of the gun are viewable, for instance, on the Facebook Syrian Revolution 2011 page, which is continuously fed with videos “shot” from mobile devices. Moreover, at this moment, mobile communications in Daraa are possible only thanks to Jordanian mobile networks:

Will there be a hijacking of the mobile network with the collaboration of a neighbouring country, as occurred in Libya with “Free Libyana”? Difficult to say, but some other tweets do not exclude this possibility:

Worth mentioning: the above tweet also refers to the hacking of Addounia.tv, which occurred on April 23rd. “More traditional” cyberwar operations…

Update

A few seconds after publishing the post I found an interesting piece of information, emphasizing the power of mobile warfare: according to Israeli press reports published yesterday, the United States intends to allocate funding for the “revolutions” through the Internet in the “Arab countries”, to help activists bring about change in their countries.

The information was reported by the “Jerusalem Post” (but I have not found any confirmation so far). According to the latter, the administration of President Barack Obama plans to spend more than $25 million to facilitate the use of the Internet by activists whose governments hinder the use of Internet services.

U.S. Assistant Secretary of State for Democracy, Human Rights and Labor Michael Posner told the newspaper that “the current administration believes that democratic change must emanate from within.”

Wars and battlefields are really changing, and the parallel between real weapons and cyber weapons is getting more and more pertinent, strengthening the concept of War 2.0: in the “old” world, foreign enemy countries financed internal rebels by providing them with weapons; in the new world they teach them how to use the Internet.

Update 2

Thanks to Twitter I came across this interesting article from the NYT, which further highlights the similarities between cyber-activism and real activism. Exiles drive the revolution, allowing the sharing of images and information all over the World. Meanwhile they have created a network to smuggle “weapons” into Syria. Which kind of weapons? Of course satellite phones, along with hundreds of cameras and laptops.

Several say they relied on Syrian businessmen — abroad or in Syria — to finance one of their most impressive feats. After witnessing the Egyptian government’s success in shutting down the Internet and mobile phone networks in January, they made a concerted attempt to circumvent a similar move by delivering satellite phones and modems across Syria. Ammar Abdulhamid, an activist in Maryland, estimated that they delivered 100 satellite phones, along with hundreds of cameras and laptops.

Thanks to this “smuggling” we can listen to the tweets of freedom. Mobile warfare seems unstoppable…

So far, what is happening in Libya has offered me and my dear colleague, friend and aviation guru David Cenciotti many opportunities to analyze the points of convergence in modern wars between information security and military operations.

In several posts I have tried to figure out the role of new technologies in modern wars (by now you should be familiar with, and even a little bit bored by, the term Mobile Warfare), and probably this article, describing a real operation by the rebel forces aimed at hijacking the Libyana cellular network, is the best example of how real modern wars may be fought with cyber weapons.

Apparently this is a pure (cyber)military operation and there is no trace of conventional military forces; nevertheless (I am getting older!) after publishing the article I just felt like I had missed something. Only a couple of days later, David made me notice that I had missed a fundamental link between the cyber operation and his real passion, aviation. He had to quote a passage of the original Wall Street Journal article to make me realize the missing element:

The new network, first plotted on an airplane napkin and assembled with the help of oil-rich Arab nations, is giving more than two million Libyans their first connections to each other and the outside world after Col. Gadhafi cut off their telephone and Internet service about a month ago.

How could I miss it! The new hijacked network was first plotted on an airplane napkin: here is the point of convergence between cyber operations and aviation, even if in this case the support provided by aviation was only logistic and not military, in the sense that it provided, so to speak, the necessary “infrastructure” to plot the initial schema of the network.

Of course this is a kind of joke, since in this case the roles of cyber weapons (the hijack plan) and conventional weapons (the airplane) were well distinct, and consequently the boundary between cyber world and real world was not crossed (as if to say: the cell network was not bombed). Nevertheless these joyful thoughts come out on the same day in which an (apparently unrelated) opposite example has shown that the boundary between the two worlds can easily be crossed and cyber weapons may become as lethal as real weapons: the example is Stuxnet, since just today Iran admitted the real extent of the damage caused by this terrible malware.

In recent weeks, Iranian media reported dozens of large-scale accidents and explosions in Iran's industrial sites, especially facilities dealing with oil and petrochemicals. Iran reported at least ten deaths in these explosions.

“Enemies have attacked industrial infrastructure and undermined industrial production through cyber attacks. This was a hostile action against our country,” Iran’s official IRNA news agency quoted Jalali as saying. “If it had not been confronted on time, much material damage and human loss could have been inflicted.”

That Stuxnet damaged some Iranian nuclear facilities and delayed the nuclear program is well known. That the malware may even have caused casualties among the technicians of the targeted industrial sites is something completely new and unprecedented (note that the quoted statement speaks generically of cyber attacks and does not name the malware). From a metaphorical point of view Stuxnet acted as a portal between cyber and real battlefields, where unfortunately victims are not virtual. Another unenviable record set by this terrible malware, which is leaving an indelible mark on the information security landscape.

This is exactly what happened in Libya, where the rebels, with the support of Libyan-American telecom executive Ousama Abushagur and oil-rich Arab nations, were able to hijack the Libyana phone network, the cellular network owned by one of the Colonel's sons, to steal from Libyana a database of phone numbers, and to build partly from scratch a new cell network serving 2 million Libyans, renamed “Free Libyana”. This action was aimed at restoring internal cellular communications after Gaddafi shut down the country's cellular and data networks.

The operation was led from Abu Dhabi by Ousama Abushagur, a 31-year-old Libyan telecom executive. Mr. Abushagur and two childhood friends started fund-raising on Feb. 17 to support the political protests that were emerging in Libya. During one mission to bring humanitarian aid convoys to eastern Libya, they found their cellphones jammed or out of commission, making planning and logistics nearly impossible. This is why Mr. Abushagur decided to draw up a plan to hijack the Libyana network, divert the signal and establish a new backbone free of Tripoli's control, also with the intention of backing the rebel forces, which were beginning to feel the effects of the loyalist counteroffensive.

In a race against time to solve technical, engineering and legal challenges, the U.A.E. and Qatar (whose officials didn't respond to requests for comment) provided diplomatic (and economic) support to buy the telecommunications equipment needed in Benghazi. Direct support was also provided by Etisalat, the Emirates Telecommunications Corporation (which refused to comment as well). The support of the Gulf nations was necessary also because, meanwhile, it looks like Huawei Technologies Ltd., the Chinese company among the original contractors for Libyana's cellular network backbone, refused to sell equipment for the rebel project, forcing Mr. Abushagur and his engineers to implement a hybrid technical solution to match other companies' hardware with the existing Libyan network.

By March 21, most of the main pieces of equipment had arrived in the U.A.E., and Mr. Abushagur shipped them to Benghazi with a team of three Libyan telecom engineers, four Western engineers and a team of bodyguards: the Corps of Network Engineers committed to building the new infrastructure in the war zone.

Since Col. Gaddafi's forces were bombing the rebel capital, Mr. Abushagur diverted the Corps of Network Engineers and their equipment to an Egyptian air base on the Libyan border (another indirect show of Arab support for the rebels). Once in Libya, the Corps paired with Libyana engineers and executives based in Benghazi. Together, they fused the new equipment into the existing cellphone network, creating an independent data and routing system free from Tripoli's command. Being free from Tripoli was also a security requirement, since Col. Gaddafi had built his telecommunications infrastructure to route all calls (and data) through the capital, so that they could easily be intercepted and eavesdropped.

After implementing the network, the new telco had to attract “customers”. A war zone is not the ideal place for advertising, so nothing was better than capturing the Tripoli-based database of phone numbers and inserting Libyana customers and phone numbers into the new system, called “Free Libyana”. The last piece of the puzzle was securing a satellite feed, through Etisalat, over which Free Libyana calls could be routed.

An important detail: the whole operation was successfully performed without the support of allied forces; the result is that rebels can now use cellphones to communicate between the front lines and opposition leaders.

If for a moment we forget that we are speaking about cellular networks, we could consider this event as part of a civil war operation, in which friendly countries and dissidents abroad endeavour to provide weapons to rebels in order to turn the tide of a conflict (history is full of examples). In this circumstance the operation did not turn the tide of the conflict (at least so far: mobile warfare, while important, still has a smaller weight in a conflict than real warfare); nevertheless, for sure, restored mobile communications are helping the leaders of the rebellion to communicate among themselves and to better organize the resistance against the loyalists: as a matter of fact the March cutoff had forced rebels to use flags to communicate on the battlefield. I will never tire of saying that the events in the Mediterranean area do (and did) not rely solely on conventional weapons but also on weapons of communication (mobile warfare), through which rebel forces provided the outside world with the information necessary to witness the brutal internal events and rallied international backing.

After so much theory in my posts, finally the first real and meaningful example of the importance of mobile warfare in the events of Northern Africa, and what an example! One single event has revealed the importance of mobile technologies in a war zone and the crucial role played by specialized teams dedicated to establishing and maintaining communications: the Corps of (Network and Security) Engineers.

There is a thin red line which links the alleged stability of the so-called Western world with the instability of the Middle East, and it consists once again in the opposite role that mobile technologies and social networks play in these two different regions of the world. In a few words one might say that these technologies contribute to maintaining stability (and maturity) in mature countries, and to enhancing the level of liberty and awareness in immature countries.

A few posts ago I identified one of the reasons for the instability of the Middle East in the role played by mobile technologies and social networks in feeding the protests in Tunisia, Egypt and Syria, essentially contributing to making the younger Middle East generations aware of the discrepancies between their standard of living and that of their Western peers, and hence acting as a wind capable of propagating at an unprecedented speed the flames of change raised from the Maghreb. In my articles I referred to the effect of these new technologies as Mobile Warfare.

If, for a moment, I turn my head to look at the West, I see an opposite situation, revealing an opposite role for mobile technologies and social networks which, in this context, differently from the Middle East, are contributing to maintaining social stability, even in a quite complicated economic situation like the current European one (and the latest events in Greece, Ireland and Portugal are an evident thermometer of the boiling economic situation in the Old Continent). Of course I would not mind applying the ancient Roman motto “panem et circenses” (bread and circuses); luckily for this purpose our society invented football, but even if we leave football aside, there are two other factors which, in my opinion, play an important role in our (in)stability: the wish to catch the latest tweet or, even better, the latest Facebook status update, but also, for the more mature generations, the continual rush to the latest techno-gadget.

First of all, the rush to tweets or (most of all) status updates is something which affects primarily younger generations (even if the potential of Twitter is pretty much underestimated in Italy) but, like it or not, it is something which must be taken into serious consideration.

Of course, there are two opposite ways to read this statement: a negative interpretation could lead one to think that younger generations are too addicted to social networks and mobile technologies, to the point of neglecting more important problems; on the other hand, a positive interpretation could lead one to think that social networks and mobile technologies allow news and information to be shared, making them accessible to a greater audience, in formats comprehensible by (and adapted for) different population groups and heterogeneous levels of culture, thus contributing to creating mature citizens. Of course my purpose is not to determine which of the two interpretations is predominant, but rather to highlight, like it or not, the significant role of these media.

Something similar applies if we move to the more (im)mature generations, since also in this case social networks contribute to sharing information and (in theory) to spreading a more mature approach to society. For this population group an additional factor is involved, represented by the rush to the latest techno-gadgets, which have become a status symbol: nowadays our iPads, iPhones, Android devices, etc. highlight the role of the individual in society, in a certain manner as a luxury or sports car does, with the difference that the latest Android or iPhone is (at least in theory) much more accessible.

If one analyzes this picture from a more global perspective, one finds that mobile technologies and social networks may be assimilated in every way to real weapons: in immature countries they may be used to fight wars for freedom against authoritarian regimes (as happened in the recent past in the Maghreb and as is happening in Syria or Bahrain); at the same time they may be used in mature countries by wise governments to maintain order and stability or, unfortunately, also by subtle governments to reduce the population to (psychological) servitude.

We know what it means to use “mobile warfare” to fight wars for liberty against authoritarian regimes: just watch the news and hear the latest events coming from Libya. Very different is the case of mature countries. In these nations, using these weapons (mobile technologies and social networks) to maintain order or stability corresponds to making a wise use of them to keep citizens informed and to create a common mature awareness; using these weapons to reduce the population to (psychological) servitude corresponds to using mobile warfare to distract citizens from real social problems and to perform large-scale PsyOps operations. In theory the younger population is the most vulnerable to these kinds of threats, even if I must confess, according to my personal experience, that the use of social networks is far less wise among the older age ranges, which in turn seriously risk being the most vulnerable to an improper use of new technologies by subtle governments.

I spent some time reading the declarations of Comodo Hacker, the alleged author of the fake certificates issued by compromising a couple of (sigh!) Italian Comodo partners, and I found some very interesting points far beyond the single event.

Actually, it had been clear from the beginning that the attack had been performed from an Iranian ISP, feeding the hypothesis of an Iranian Cyber Army action aimed at intercepting emails from dissidents in a quite troubled moment for the Middle East, after the winds of change blowing from the Maghreb.

Anyway Comodo Hacker was anxious to quickly put the record straight, declaring he was the sole author of the attack and that, if one really wanted to involve an army in the event, one had to consider that he was the only army, being able to rely on his own experience of 1000 programmers, 1000 project managers, 1000 hackers:

Now, even if the political connotation of the message still makes me think that behind this act there might be a real cyber army (but this is my personal opinion), this is not the real point. The real point is that this attack occurred as a kind of revenge for Stuxnet and, more generally, for the fact, asserted by Comodo Hacker, that the U.S. and Israel were behind it.

Fight fire with fire, fight code with code…

The attack on Comodo certificates has had a wide impact on the INFOSEC world, and probably things will not be the same anymore, since in a few days all the strongholds the identity security model relied on have been miserably compromised (I took the liberty of adding the RSA affair to this event, even if there is no evidence so far of a political matrix behind it). But there is another interesting point, and it is the third law of motion (you probably don't know that I was a physicist in my previous life) which, with not too much imagination, could be applied to infosec as well, considering the events that are happening: “the mutual forces of action and reaction between two bodies are equal, opposite and collinear”, which, in a few simple words, should sound like: “to every cyber-action corresponds an equal and opposite cyber-reaction”. If this is true, it means to me, as an infosec professional, that we will have to get used to similar cyber actions. Also from this point of view things will not be the same anymore…

Armed with this awareness, my mind inevitably runs among the dunes of the Libyan desert, where a civil war is being fought, now sadly familiar to all. Let me fly (but not too far) with my imagination and think that the civil war will end with the exile of Mr. Muammar Gaddafi. In this case it is likely that he will seek revenge, not only with real terrorist acts but also with (cyber)terrorist acts, in the wake of the Comodo affair, which, even if related to Iran, is the first known example of a cyber-terrorist act strictly related not only to the Stuxnet attack, but also to the movements flooding from the Maghreb to the Middle East, what I called Mobile Warfare due to the primary role played by mobile technologies in these events.

We don’t have privacy in internet, we don’t have security in digital world, just wait and see… These lines can be considered a kind of Declaration of Cyber-war against everything…

Targets of Cyberwar

Nowadays everything has a stream of bits inside and as a matter of fact is vulnerable to malware. What is happening in Libya (and its consequences on our energy bills), together with the risk of a nuclear meltdown in Fukushima, is pushing the so-called Western world to reconsider its energy policy and accelerate the development of Smart Grids in order to promote a better, wiser use of energy. In these circumstances compromising an energy facility would have a huge practical and symbolic impact (do you remember the Night Dragon APT, tailored specifically for oil facilities?), which is why, in my opinion, the first targets of this cyber-terrorist reaction will be energy utilities. A few weeks ago I wrote an article (in Italian) concerning vulnerabilities and security of Smart Grids, which can be considered the “world of the unknown” from a security perspective, since they adopt an open Internet model to interconnect old legacy SCADA systems and, to make matters worse, the structures that govern the IT world and the SCADA world have a silo-ed approach, being often mutually suspicious of each other. As a dark omen, a few days later a list of 34 0-day SCADA vulnerabilities was released by Luigi Auriemma, an Italian researcher.

Think about it: compromising a smart grid with SCADA malware could have potentially devastating consequences and would sound like a kind of dark revenge: imagine Iranian SCADA malware sabotaging the energy facilities of the U.S. and, more generally, the facilities the Western world is building to cut the umbilical cord that ties it strictly to the Middle East countries (which are often also the hottest as far as the political temperature is concerned).

Moreover, the development of electric vehicles will further complicate the scenario, since they will be able to connect directly to Home Area Networks (the borderline of Smart Grids), offering an unexpected (and probably not so complicated) entry point for cyber-terrorists into Smart Grids, if it is true that nowadays a small car has 30-50 ECUs (Electronic Control Units) interconnected by a bidirectional bus and governed by something like 100 million lines of code. My dear friend and colleague, ICT security expert and aviation guru David Cenciotti will be glad to know that an F-22 Raptor has about one tenth of those lines of code (“only” 1.7 million), the F-35 Joint Strike Fighter about 5.7 million and the Boeing 787 Dreamliner about 6.5 million, used to manage avionics and on-board systems. Of course one cannot exclude a priori that these systems may be targeted as well by specifically tailored malware (do you remember the intrepid Jeff Goldblum uploading a virus into the alien mother ship in Independence Day?)

Should we prepare ourselves for a Smart Grid Stuxnet? I think there is enough to be worried about for the next few years…

In this post I explained that what I called mobile warfare (that is, social protest driven by mobile technologies and social networks) is rapidly spreading all over the Middle East, apparently on a systematic time scale (so far the events in Tunisia, Egypt and Libya have been separated by approximately a month).

Many observers claim that, in the shorter term, Syria and Bahrain could be the next targets of internal protests (last week 150 people were killed in Syria, and today the government led by PM Naji Otri resigned, apparently a quantum shift).

But the wave coming from the Maghreb, led by mobile warfare, seems unstoppable, and in the longer term Iran and Iraq, the main barriers of fundamentalism, could be affected as well.

Of course, one of the most exciting things in infosec is the fact that reality is always one step ahead of imagination. As a matter of fact I tried to imagine different ways in which bad guys from totalitarian regimes could prevent mobile technologies and social networks from achieving their purpose of encouraging citizens to join the protests, including DDoS, Internet connectivity disruption and so on… I could not imagine, however, that one could think of issuing rogue certificates for some high-profile websites used for email and chat in order, maybe, to intercept inconvenient and subversive communications.

That is exactly what happened with the Comodo affair, in which some fraudulent certificates were issued by the Comodo Certificate Authority, exploiting a vulnerability at a couple of Italian affiliates (sigh!), globaltrust.it and instantssl.it, which allowed a legitimately signed certificate to be issued on behalf of any requesting entity. This vulnerability was used to submit rogue Certificate Signing Requests (CSRs), that is, false requests to obtain legitimate SSL certificates for the following web sites:

For those of you who are not too familiar with Public Key Infrastructure and cryptography, this means, in simple words, that once a rogue certificate is obtained one may build a fake web site (for instance a fake mail.google.com) that browsers trust, and capture precious information that normally travels encrypted over the web, for instance the username and password of a private mailbox. Combined with the ability to redirect the victim's traffic to the fake site (for instance at DNS or ISP level), this is a man-in-the-middle attack: the browser sees a certificate for the right name, signed by a trusted CA, and raises no warning.
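The mitigation browsers adopted for exactly this failure mode is public-key pinning: the client carries the hash of the key (or keys) a site is known to use and rejects a certificate chain that validates correctly but contains none of them. The Python below is an added example, not code from the original post or from Comodo: it builds the DER SubjectPublicKeyInfo of two constructed placeholder RSA keys (hypothetical values, not real Google keys, and not even real RSA moduli), computes the pin as base64(SHA-256(SPKI)) in the form later standardized by RFC 7469, and shows that a rogue certificate's key fails the check even though ordinary chain validation would accept it.

```python
"""Public-key pinning check against a mis-issued but chain-valid certificate.

Added example, not code from the original post. The keys below are constructed
placeholders: the "legitimate" key stands in for the key the real site serves,
the "rogue" key for the one an attacker puts in a certificate obtained through
a compromised registration authority. Both certificates would pass chain
validation, so only the pin check (RFC 7469 style) tells them apart.
"""
import base64
import hashlib

RSA_ENCRYPTION_OID = "1.2.840.113549.1.1.1"


def _der_length(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _der_length(len(body)) + body


def der_integer(value: int) -> bytes:
    """Non-negative INTEGER; an extra leading zero octet keeps the sign bit clear."""
    body = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return der_tlv(0x02, body)


def der_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER with base-128 sub-identifier encoding."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out += chunk
    return der_tlv(0x06, bytes(out))


def der_sequence(*items: bytes) -> bytes:
    return der_tlv(0x30, b"".join(items))


def rsa_spki(n: int, e: int) -> bytes:
    """SubjectPublicKeyInfo = SEQ { AlgorithmIdentifier, BIT STRING { RSAPublicKey } }."""
    algorithm = der_sequence(der_oid(RSA_ENCRYPTION_OID), b"\x05\x00")  # rsaEncryption, NULL
    rsa_public_key = der_sequence(der_integer(n), der_integer(e))
    return der_sequence(algorithm, der_tlv(0x03, b"\x00" + rsa_public_key))  # 0 unused bits


def spki_pin(spki: bytes) -> str:
    """pin-sha256 value: base64 of SHA-256 over the DER SubjectPublicKeyInfo."""
    return base64.b64encode(hashlib.sha256(spki).digest()).decode("ascii")


def chain_is_pinned(chain_spkis, pinned_pins) -> bool:
    """Accept only if at least one SPKI in the presented chain matches a pinned hash.
    Sites normally pin their own key plus a backup key (and possibly an intermediate);
    a single match anywhere in the chain is enough."""
    return any(spki_pin(s) in pinned_pins for s in chain_spkis)


def _toy_modulus(label: bytes) -> int:
    """Deterministic 1024-bit placeholder; NOT a real RSA modulus, just distinct bytes."""
    return int.from_bytes(hashlib.sha256(label).digest() * 4, "big") | (1 << 1023) | 1


# Constructed placeholder keys (hypothetical; the real site's key is not reproduced here).
LEGITIMATE_SPKI = rsa_spki(n=_toy_modulus(b"legitimate site key"), e=65537)
ROGUE_SPKI = rsa_spki(n=_toy_modulus(b"attacker key in rogue cert"), e=65537)

# Pin set a client would ship for the site, derived from the key it legitimately serves.
PINNED_PINS = {spki_pin(LEGITIMATE_SPKI)}


def evaluate(chain_spkis, chain_valid: bool) -> str:
    """Decision a pinning-aware client takes after ordinary chain validation."""
    if not chain_valid:
        return "reject: chain validation failed"
    if not chain_is_pinned(chain_spkis, PINNED_PINS):
        return "reject: chain valid but no pinned key present (possible mis-issuance)"
    return "accept"


if __name__ == "__main__":
    print(evaluate([LEGITIMATE_SPKI], chain_valid=True))
    # The Comodo case: a CA-signed certificate for the right name, wrong key.
    print(evaluate([ROGUE_SPKI], chain_valid=True))
```

Pinning only protects clients that already know the site's key; it does nothing for a browser without the pin, which is why the rogue certificates still had to be revoked by the CA and blacklisted by browser vendors. Pins must also include a backup key, or a legitimate key rotation locks users out just as effectively as an attack.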

Since it was discovered that the rogue Certificate Signing Requests originated from an ISP located in Iran, a political origin for the attack was suggested, motivated by the attempt of the Iranian government (through a Cyber Army) to intercept communications and, more generally, emails and chats belonging to political leaders not “too close” to the positions of Mr. Mahmoud Ahmadinejad (mmhh.. at least as far as the alleged purpose is concerned, it reminds me of Operation Aurora, doesn't it?)

Now, it looks like a lone-ranger Iranian hacker, not belonging to any army, has claimed to be the only author of the hack (at this link the complete history and a detailed analysis of the event). Probably a real Iranian government involvement will never be confirmed, but to me the doubt that this action was planned to stop mobile warfare remains intact. Otherwise I would not be able to understand why only certificates related to secure communication services were affected, the ones often used by dissidents to organize protests and share news with the world.


About This Blog

In this blog I express my personal opinion, which does not necessarily reflect the opinion of my organization, about events and news of interest concerning information security, with a wink to the mobile world and, why not, to some curious personal events.

Every piece of information is reported with its source.

Anyone intending to use the information contained in my posts is free to do so, provided my blog is mentioned in your article.